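package at.gv.egovernment.moa.id.proxy;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import org.apache.xerces.parsers.DOMParser;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;

/**
 * XMLLoginParameterResolver is an implementation of the interface
 * {@link LoginParameterResolver}.
 * <p>
 * It maps identities stored in an XML file - either a bPK or a
 * SurName/GivenName pair - to the login parameters that are handed to an
 * online application (OA): a username/password pair for HTTP 401 Basic
 * Authentication, or up to three free parameters for header and parameter
 * authentication.
 * <p>
 * Lookup order is: bPK first, then the SurName/GivenName pair. Only entries
 * whose {@code Enabled} flag is {@code 1} are used.
 * <p>
 * Secrets handling: the mapped passwords and the derived Basic Authentication
 * credentials are never written to the log; only usernames and lookup keys are.
 *
 * @author Rudolf Schamberger
 * @version $Id$
 */
public class XMLLoginParameterResolver implements LoginParameterResolver {

    public static final String XSD_MAPPING = "Mapping";
    public static final String XSD_DOCELEM = "MOAIdentities";
    public static final String XSD_IDELEM = "Identity";
    public static final String XSD_NAMEDIDELEM = "NamedIdentity";
    public static final String XSD_BPKIDELEM = "bPKIdentity";
    public static final String XSD_PARAMELEM = "Parameters";
    public static final String XML_LPR_CONFIG_PROPERTY_NAME = "moa.id.xmllpr.configuration";

    /** Path of the XML file that is parsed and interpreted for parameter resolving. */
    private String identityFile;
    /** bPK (String) -> LPRParams. */
    private Map bPKMap;
    /** "SurName,GivenName" (String) -> LPRParams. */
    private Map namedMap;
    /** Set only after {@link #configure(String)} has parsed the identity file successfully. */
    private boolean isConfigured = false;

    /**
     * Nested class used to store one mapped parameter set.
     * <p>
     * It does not use the enclosing instance and is therefore static.
     */
    static class LPRParams {

        private final boolean enabled;
        private final String UN;
        private final String PW;
        private final String Param1;
        private final String Param2;
        private final String Param3;

        /**
         * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object.
         *
         * @param enabled enable user mapping to this parameter set.
         * @param UN username used in HTTP 401 - BasicAuthentication
         * @param PW password used in HTTP 401 - BasicAuthentication
         * @param Param1 parameter1 used in HeaderAuthentication and ParameterAuthentication
         * @param Param2 parameter2 used in HeaderAuthentication and ParameterAuthentication
         * @param Param3 parameter3 used in HeaderAuthentication and ParameterAuthentication
         */
        LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
            this.enabled = enabled;
            this.UN = UN;
            this.PW = PW;
            this.Param1 = Param1;
            // the original assigned Param2 and Param3 to Param1, so they were always lost
            this.Param2 = Param2;
            this.Param3 = Param3;
        }

        /**
         * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object
         * without the three free parameters.
         *
         * @param enabled enable user mapping to this parameter set.
         * @param UN username used in HTTP 401 - BasicAuthentication
         * @param PW password used in HTTP 401 - BasicAuthentication
         */
        LPRParams(boolean enabled, String UN, String PW) {
            this(enabled, UN, PW, null, null, null);
        }

        /**
         * Parameter Enabled decides whether this parameter set may be used by
         * XMLLoginParameterResolver.
         *
         * @return true if the mapping is enabled.
         */
        public boolean getEnabled() {
            return enabled;
        }

        /** @return Parameter UN (username) or null if not set. */
        public String getUN() {
            return UN;
        }

        /** @return Parameter PW (password) or null if not set. */
        public String getPW() {
            return PW;
        }

        /** @return Parameter Param1 or null if not set. */
        public String getParam1() {
            return Param1;
        }

        /** @return Parameter Param2 or null if not set. */
        public String getParam2() {
            return Param2;
        }

        /** @return Parameter Param3 or null if not set. */
        public String getParam3() {
            return Param3;
        }

        /**
         * Returns a string representation of LPRParams. The password is masked,
         * because LPRParams objects are dumped to the debug log.
         *
         * @return a String representation of this object.
         */
        public String toString() {
            String maskedPW = (PW == null) ? "null" : "***";
            return "Enabled: " + enabled + " UN: '" + UN + "' PW: '" + maskedPW
                + "' Param1: '" + Param1 + "' Param2: '" + Param2 + "' Param3: '" + Param3 + "'\n";
        }
    }

    /**
     * Constructs a newly allocated XMLLoginParameterResolver object. The
     * resolver is unusable until {@link #configure(String)} has succeeded.
     */
    public XMLLoginParameterResolver() {
        bPKMap = new HashMap();
        namedMap = new HashMap();
    }

    /**
     * Configures this resolver from the identity file.
     *
     * @param configuration path of the XML file holding the identity-to-parameter
     *        mappings.
     * @throws LoginParameterResolverException (message id {@code config.11}) if the
     *         file cannot be parsed or has an unexpected structure. An unreadable
     *         or null path is only logged; the resolver then stays unconfigured and
     *         reports that on first use.
     */
    public void configure(String configuration) throws LoginParameterResolverException {
        this.identityFile = configuration;
        if (identityFile == null || !new File(identityFile).canRead()) {
            Logger.error("XMLLoginParameterResolver could not read '" + identityFile + "' ");
            return;
        }
        Document doc;
        try {
            doc = readXMLFile(identityFile);
            if (doc != null) {
                buildInfo(doc);
            }
        } catch (Exception ex) {
            throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, ex);
        }
        if (doc == null) {
            // readXMLFile has already logged the parse error
            throw new LoginParameterResolverException("config.11", new Object[] {identityFile}, null);
        }
        isConfigured = true;
    }

    /**
     * Resolves the HTTP headers to be sent to the OA for the authenticated user.
     * <p>
     * For auth type {@code basic} the result holds an {@code Authorization} header
     * with the Base64-encoded {@code UN:PW} of the mapped parameter set; for auth
     * type {@code header} it holds the keys {@code Param1}..{@code Param3}. The
     * OA-side mapping ({@code oaConf.getHeaderAuthMapping()}) is not applied here.
     *
     * @param oaConf configuration of the online application.
     * @param authData authentication data of the user.
     * @param clientIPAddress IP address of the client.
     * @return the headers; empty if no enabled mapping exists for the user.
     * @throws LoginParameterResolverException if this resolver is not configured.
     */
    public Map getAuthenticationHeaders(
        OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress)
        throws LoginParameterResolverException {

        Map result = new HashMap();
        if (!isConfigured) {
            throw new LoginParameterResolverException(
                "XMLLoginParameterResolver with configuration '" + identityFile + "' is not configured!",
                null);
        }
        LPRParams params = findParams(authData, clientIPAddress);
        if (params == null) {
            return result;
        }

        String authType = oaConf.getAuthType();
        if ("basic".equals(authType)) {
            String userid = params.getUN();
            String password = params.getPW();
            try {
                // getBytes() uses the platform default charset, as before; non-ASCII
                // passwords therefore depend on the JVM's encoding - TODO confirm the
                // charset the OAs expect before pinning one here.
                String credentials = Base64Utils.encode((userid + ":" + password).getBytes());
                // the encoded credentials are a reversible form of the password: never log them
                Logger.debug("XMLLoginParameterResolver: calculated Basic Authentication credentials for user '"
                    + userid + "'");
                result.put("Authorization", "Basic " + credentials);
            } catch (IOException e) {
                Logger.warn("XMLLoginParameterResolver: could not encode Basic Authentication credentials for user '"
                    + userid + "': " + e.toString());
            }
        } else if ("header".equals(authType)) {
            putFreeParams(result, params);
        }
        return result;
    }

    /**
     * Resolves the request parameters to be sent to the OA for the authenticated user.
     * <p>
     * For auth type {@code param} the result holds the keys {@code Param1}..{@code Param3}
     * of the mapped parameter set. The OA-side mapping ({@code oaConf.getParamAuthMapping()})
     * is not applied here.
     *
     * @param oaConf configuration of the online application.
     * @param authData authentication data of the user.
     * @param clientIPAddress IP address of the client.
     * @return the parameters; empty if this resolver is not configured (logged as a
     *         warning) or no enabled mapping exists for the user.
     */
    public Map getAuthenticationParameters(
        OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress) {

        Map result = new HashMap();
        if (!isConfigured) {
            Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
            return result;
        }
        LPRParams params = findParams(authData, clientIPAddress);
        if (params == null) {
            return result;
        }
        if ("param".equals(oaConf.getAuthType())) {
            putFreeParams(result, params);
        }
        return result;
    }

    /**
     * Looks up the enabled parameter set for the user: by bPK first, then by
     * SurName/GivenName.
     *
     * @return the parameter set, or null if none is mapped or the mapping is disabled.
     */
    private LPRParams findParams(AuthenticationData authData, String clientIPAddress) {
        String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
        LPRParams params = lookupByBPK(bPK);
        if (params == null) {
            String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
            String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
            params = lookupByName(famName, givenName);
        }
        return params;
    }

    /** Copies Param1..Param3 of the parameter set into the result map (values may be null). */
    private static void putFreeParams(Map result, LPRParams params) {
        result.put("Param1", params.getParam1());
        result.put("Param2", params.getParam2());
        result.put("Param3", params.getParam3());
    }

    /**
     * Maps a predicate name to the corresponding value of the authentication data.
     *
     * @param predicate one of the {@code MOA*} predicate names; unknown names yield null.
     * @param authData authentication data of the user.
     * @param clientIPAddress value returned for {@code MOAIPAddress}.
     * @return the resolved value, "true"/"false" for boolean predicates, or null.
     */
    private static String resolveValue(
        String predicate, AuthenticationData authData, String clientIPAddress) {

        if ("MOAGivenName".equals(predicate)) {
            return authData.getGivenName();
        }
        if ("MOAFamilyName".equals(predicate)) {
            return authData.getFamilyName();
        }
        if ("MOADateOfBirth".equals(predicate)) {
            return authData.getDateOfBirth();
        }
        if ("MOAVPK".equals(predicate)) {
            return authData.getVPK();
        }
        if ("MOAPublicAuthority".equals(predicate)) {
            return authData.isPublicAuthority() ? "true" : "false";
        }
        if ("MOABKZ".equals(predicate)) {
            return authData.getPublicAuthorityCode();
        }
        if ("MOAQualifiedCertificate".equals(predicate)) {
            return authData.isQualifiedCertificate() ? "true" : "false";
        }
        if ("MOAZMRZahl".equals(predicate)) {
            return authData.getIdentificationValue();
        }
        if ("MOAIPAddress".equals(predicate)) {
            return clientIPAddress;
        }
        return null;
    }

    /**
     * Parses the identity file with a validating, schema-aware Xerces parser.
     * <p>
     * DTD and external entity resolution are left at the Xerces defaults because the
     * identity file is deployment configuration, not user-supplied input; restrict
     * external entities before ever loading this file from an untrusted source.
     *
     * @param fileName path of the file to parse.
     * @return the parsed document, or null if parsing failed (the error is logged).
     */
    private Document readXMLFile(String fileName) {
        Logger.info("XMLLoginParameterResolver: Loading MOA-OA configuration " + fileName);
        DOMParser parser = new DOMParser();
        try {
            parser.setFeature("http://xml.org/sax/features/validation", true);
            parser.setFeature("http://apache.org/xml/features/validation/schema", true);
            parser.parse(fileName);
            return parser.getDocument();
        } catch (Exception e) {
            Logger.error("XMLLoginParameterResolver: Error parsing file " + fileName + "\n" + e.toString());
            return null;
        }
    }

    /**
     * Builds {@link #bPKMap} and {@link #namedMap} from the parsed identity file.
     * <p>
     * The i-th {@code Identity} element is paired with the i-th {@code Parameters}
     * element in document order (as the original did; the schema is not visible
     * here). An {@code Identity} must contain exactly one {@code NamedIdentity} or
     * exactly one {@code bPKIdentity}; anything else is logged and skipped.
     *
     * @param doc the parsed identity file.
     */
    private void buildInfo(Document doc) {
        Element root = doc.getDocumentElement();
        NodeList idList = root.getElementsByTagName(XSD_IDELEM);
        NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);

        for (int i = 0; i < idList.getLength(); i++) {
            Element idElem = (Element) idList.item(i);
            if (i >= paramList.getLength()) {
                Logger.warn("XMLLoginParameterResolver: wrong format no Parameters element for Identity #" + i);
                break;
            }
            Element paramElem = (Element) paramList.item(i);

            NodeList namedList = idElem.getElementsByTagName(XSD_NAMEDIDELEM);
            NodeList bPKList = idElem.getElementsByTagName(XSD_BPKIDELEM);
            if (namedList.getLength() == 1) {
                Element namedElem = (Element) namedList.item(0);
                String key = namedElem.getAttribute("SurName") + "," + namedElem.getAttribute("GivenName");
                boolean enabled = isEnabled(namedElem);
                Logger.debug("XMLLoginParameterResolver: NamedIdentity: " + key + " enabled: " + enabled);
                namedMap.put(key, buildParams(enabled, paramElem));
            } else if (bPKList.getLength() == 1) {
                Element bPKElem = (Element) bPKList.item(0);
                String key = bPKElem.getAttribute("bPK");
                boolean enabled = isEnabled(bPKElem);
                Logger.debug("XMLLoginParameterResolver: bPKIdentity: " + key + " enabled: " + enabled);
                bPKMap.put(key, buildParams(enabled, paramElem));
            } else {
                Logger.warn("XMLLoginParameterResolver: wrong format no NamedIdentity or bPKIdentity found");
            }
        }
        // LPRParams.toString() masks the password, so these dumps are safe to log
        Logger.debug("namedMap:" + namedMap.toString());
        Logger.debug("bPKMap:" + bPKMap.toString());
    }

    /**
     * An identity element is enabled if its first child node has the text value "1".
     * Null-safe, unlike the original {@code compareTo} check.
     */
    private static boolean isEnabled(Element identityElem) {
        Node first = identityElem.getFirstChild();
        return first != null && "1".equals(first.getNodeValue());
    }

    /**
     * Builds the parameter set from a {@code Parameters} element. UN and PW are taken
     * as-is (empty string if the attribute is missing, as before); Param1..Param3 are
     * null when absent so that an unset parameter stays distinguishable from an empty one.
     * The PW attribute is deliberately not logged.
     */
    private static LPRParams buildParams(boolean enabled, Element paramElem) {
        Logger.debug("XMLLoginParameterResolver: attribute UN: " + paramElem.getAttribute("UN")
            + " attribute Param1: " + paramElem.getAttribute("Param1"));
        // Param2/Param3 attribute names mirror Param1 - TODO confirm against the schema
        return new LPRParams(
            enabled,
            paramElem.getAttribute("UN"),
            paramElem.getAttribute("PW"),
            emptyToNull(paramElem.getAttribute("Param1")),
            emptyToNull(paramElem.getAttribute("Param2")),
            emptyToNull(paramElem.getAttribute("Param3")));
    }

    /** @return null for a null or empty string, the string itself otherwise. */
    private static String emptyToNull(String value) {
        return (value == null || value.length() == 0) ? null : value;
    }

    /**
     * Searches the parameter set mapped to a bPK.
     *
     * @return the parameter set if it exists and is enabled, null otherwise.
     */
    private LPRParams lookupByBPK(String bPK) {
        Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK);
        LPRParams params = (LPRParams) bPKMap.get(bPK);
        if (params == null) {
            Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!");
            return null;
        }
        if (!params.getEnabled()) {
            Logger.info("XMLLoginParameterResolver: bPK: " + bPK + " found in list but user is NOT enabled");
            return null;
        }
        Logger.info("XMLLoginParameterResolver: bPK: " + bPK + " found in list; user is enabled");
        Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
        return params;
    }

    /**
     * Searches the parameter set mapped to a SurName/GivenName pair.
     *
     * @return the parameter set if it exists and is enabled, null otherwise.
     */
    private LPRParams lookupByName(String famName, String givenName) {
        Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + famName
            + " GivenName: " + givenName);
        LPRParams params = (LPRParams) namedMap.get(famName + "," + givenName);
        if (params == null) {
            Logger.info("XMLLoginParameterResolver: params for Surname: " + famName
                + " GivenName: " + givenName + " not found!");
            return null;
        }
        if (!params.getEnabled()) {
            Logger.info("XMLLoginParameterResolver: SurName:" + famName + " GivenName: " + givenName
                + " found in list; user is NOT enabled");
            return null;
        }
        Logger.info("XMLLoginParameterResolver: SurName:" + famName + " GivenName: " + givenName
            + " found in list; user is enabled");
        Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
        return params;
    }

    /**
     * Tells whether an enabled parameter set is mapped to the bPK.
     * <p>
     * Kept for compatibility. The {@code params} argument is ignored: Java cannot
     * write a new object through a reference parameter, so the original never
     * returned the parameter set to its caller. Use {@link #lookupByBPK(String)}.
     *
     * @param bPK the bPK to search for.
     * @param params ignored.
     * @return true if an enabled mapping exists.
     */
    boolean bPKIdentitySearch(String bPK, LPRParams params) {
        return lookupByBPK(bPK) != null;
    }

    /**
     * Tells whether an enabled parameter set is mapped to the SurName/GivenName pair.
     * <p>
     * Kept for compatibility; {@code dateOfBirth} is not part of the lookup key and
     * {@code params} is ignored (see {@link #bPKIdentitySearch(String, LPRParams)}).
     *
     * @return true if an enabled mapping exists.
     */
    boolean namedIdentitySearch(String famName, String givenName, String dateOfBirth, LPRParams params) {
        return lookupByName(famName, givenName) != null;
    }
}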